CI/CD Pipeline Integration with Fastlane and GitHub Actions and Integration of Native C++ Code for Secure Handling of Sensitive Infos #19
Conversation
…C, Amrit, FLW, ABHA, and Sanjeevani APIs
…staging & UAT to Firebase, production to Play Store)
…in CMakeLists.txt and native-lib.cpp
…to Firebase App Distribution and Play Store
WalkthroughThe pull request introduces a comprehensive overhaul of the Android application's build and distribution infrastructure. It replaces existing CI/CD configurations with a new GitHub Actions-based workflow, adds native code support through CMake, and implements Fastlane for streamlined build and distribution processes. The changes include new workflow files, native library integration for URL management, and configuration updates across multiple files to support more flexible and automated build and deployment strategies. Changes
Sequence DiagramsequenceDiagram
participant GHA as GitHub Actions
participant Fastlane as Fastlane
participant Firebase as Firebase App Distribution
participant Native as Native Library
participant App as Android App
GHA->>Fastlane: Trigger build
Fastlane->>Native: Load library
Native-->>Fastlane: Provide URLs
Fastlane->>App: Build APK
App-->>Fastlane: Generate APK
Fastlane->>Firebase: Distribute APK
Poem
Finishing Touches
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 12
🧹 Nitpick comments (9)
fastlane/Appfile (1)
2-2: Consider externalizing the package name.The hardcoded package name could make it difficult to maintain multiple environments (staging, production).
Consider using an environment variable:
-package_name("org.piramalswasthya.cho") +package_name(ENV["APP_PACKAGE_NAME"])app/src/main/java/org/piramalswasthya/cho/utils/KeyUtils.kt (1)
17-25: Add KDoc documentation for external functions.The external functions lack documentation explaining their purpose and usage.
Add KDoc comments for better maintainability:
/** * Retrieves the base TMC URL from native code. * @return The base URL for TMC services */ external fun baseTmcUrl(): Stringfastlane/Fastfile (1)
49-55: Complete the version management implementation.The commented-out version increment lane is incomplete and could lead to version conflicts.
Consider implementing:
- Version code management based on git tags
- Separate version tracks for different environments
- Automated version bumping based on branch/environment
app/src/main/java/org/piramalswasthya/cho/di/AppModule.kt (1)
149-152: Consider implementing circuit breakers for API calls.While securing the URLs is a good step, consider implementing circuit breakers for these API services to handle failures gracefully and prevent cascading failures.
Also applies to: 164-167, 179-182
.github/workflows/android.yml (2)
3-10: Consider restricting PR triggers to specific paths.The workflow currently runs for all PRs targeting main. Consider adding path filters to run only when relevant files are changed:
pull_request: branches: - main + paths: + - 'app/**' + - 'build.gradle' + - 'gradle/**'
34-41: Document production deployment prerequisites.The production job is commented out. Consider adding documentation about the prerequisites and steps needed to enable production deployment.
Gemfile (1)
3-3: Consider pinning the fastlane version.To ensure consistent builds across different environments, consider pinning the fastlane version:
-gem "fastlane" +gem "fastlane", "~> 2.217.0" # Replace with your desired versionapp/src/main/cpp/CMakeLists.txt (1)
1-2: Consider lowering the minimum CMake version requirement.The specified CMake version 3.11 might be higher than necessary. Many Android Studio versions come with CMake 3.10.x. Consider using 3.10.2 unless you need specific 3.11 features.
-cmake_minimum_required(VERSION 3.11) +cmake_minimum_required(VERSION 3.10.2)app/build.gradle (1)
Line range hint
1-100: Clean up build.gradle file.
- Remove commented out code
- Consolidate duplicate compose BOM declarations
- Consider extracting more dependency versions to variables
Would you like me to provide a cleaned-up version of the dependencies section?
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
Gemfile.lockis excluded by!**/*.lock
📒 Files selected for processing (15)
.github/workflows/android.yml(1 hunks).github/workflows/build-distribute.yml(1 hunks).gitlab-ci.yml(0 hunks)Gemfile(1 hunks)app/.gitignore(1 hunks)app/build.gradle(2 hunks)app/google-services.json(0 hunks)app/src/main/cpp/CMakeLists.txt(1 hunks)app/src/main/cpp/native-lib.cpp(1 hunks)app/src/main/java/org/piramalswasthya/cho/di/AppModule.kt(5 hunks)app/src/main/java/org/piramalswasthya/cho/utils/KeyUtils.kt(1 hunks)fastlane/Appfile(1 hunks)fastlane/Fastfile(1 hunks)fastlane/Pluginfile(1 hunks)pipelines/build_apk.yml(0 hunks)
💤 Files with no reviewable changes (3)
- app/google-services.json
- .gitlab-ci.yml
- pipelines/build_apk.yml
✅ Files skipped from review due to trivial changes (1)
- fastlane/Pluginfile
🧰 Additional context used
🪛 actionlint (1.7.4)
.github/workflows/build-distribute.yml
66-66: shellcheck reported issue in this script: SC2086:info:2:33: Double quote to prevent globbing and word splitting
(shellcheck)
🪛 yamllint (1.35.1)
.github/workflows/build-distribute.yml
[error] 64-64: trailing spaces
(trailing-spaces)
[error] 65-65: trailing spaces
(trailing-spaces)
[error] 66-66: trailing spaces
(trailing-spaces)
[error] 67-67: trailing spaces
(trailing-spaces)
[error] 68-68: trailing spaces
(trailing-spaces)
[error] 69-69: trailing spaces
(trailing-spaces)
[error] 72-72: trailing spaces
(trailing-spaces)
[error] 73-73: trailing spaces
(trailing-spaces)
[error] 74-74: trailing spaces
(trailing-spaces)
[error] 75-75: trailing spaces
(trailing-spaces)
[error] 76-76: trailing spaces
(trailing-spaces)
[error] 77-77: trailing spaces
(trailing-spaces)
[error] 90-90: trailing spaces
(trailing-spaces)
[warning] 111-111: too many blank lines
(3 > 2) (empty-lines)
[warning] 124-124: too many blank lines
(1 > 0) (empty-lines)
🪛 rubocop (1.69.1)
fastlane/Fastfile
[convention] 4-5: Extra empty line detected at block body beginning.
(Layout/EmptyLinesAroundBlockBody)
[convention] 16-16: Prefer to_s over string interpolation.
(Style/RedundantInterpolation)
[convention] 58-59: Extra empty line detected at block body end.
(Layout/EmptyLinesAroundBlockBody)
🪛 detekt (1.23.7)
app/src/main/java/org/piramalswasthya/cho/utils/KeyUtils.kt
[warning] 10-10: The caught exception is swallowed. The original exception could be lost.
(detekt.exceptions.SwallowedException)
🔇 Additional comments (7)
fastlane/Appfile (1)
1-1: Configure json_key_file path for Google Play deployment.The empty json_key_file path will prevent Google Play Store deployment. This file is required for authenticating with the Google Play Console.
Please ensure the JSON key file is properly configured. You can:
- Set it directly in the Appfile
- Use an environment variable
- Configure it in your CI/CD pipeline
app/src/main/java/org/piramalswasthya/cho/di/AppModule.kt (2)
59-59: LGTM! Security enhancement through native code integration.The integration of KeyUtils aligns with the PR objective of securing sensitive information using native C++ code.
134-137: Verify timeout configuration for ESanjeevani API.While the URL is now securely managed through native code, the HTTP client's timeout (30 seconds) might be insufficient for the ESanjeevani API. Consider increasing the timeout or implementing a retry mechanism.
app/.gitignore (1)
8-9: Verify secure handling of google-services.json.While tracking environment-specific google-services.json files enables multi-environment setup, ensure these files don't contain sensitive credentials. Consider using Firebase App Distribution's service account authentication instead.
✅ Verification successful
✓ Proper gitignore configuration for google-services.json
The google-services.json files are properly excluded from version control, which is the recommended security practice. The .gitignore entries are working as intended.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check if google-services.json files contain sensitive information fd 'google-services.json' | xargs cat | jq -r '.client[].api_key[].current_key' 2>/dev/nullLength of output: 79
app/src/main/cpp/CMakeLists.txt (1)
20-40: LGTM: Library configuration and linking.The shared library configuration and log library linking are properly set up.
app/build.gradle (2)
28-35: LGTM: ABI splits configuration.The ABI splits configuration is properly set up to generate architecture-specific APKs while maintaining a universal APK.
95-100: LGTM: Native build configuration.The CMake and NDK configuration is properly set up for native code integration.
| external fun baseTmcUrl(): String | ||
|
|
||
| external fun baseAmritUrl(): String | ||
|
|
||
| external fun baseFlwUrl(): String | ||
|
|
||
| external fun baseAbhaUrl(): String | ||
|
|
||
| external fun sanjeevaniApiUrl(): String |
There was a problem hiding this comment.
Fix package name mismatch in JNI implementation.
The native implementation uses org_piramalswasthya_sakhi_utils_KeyUtils while the Kotlin class is in org.piramalswasthya.cho.utils. This mismatch will cause runtime errors.
The package names must match exactly between Kotlin and C++ implementations. Update either:
- The Kotlin package to
org.piramalswasthya.sakhi.utils - The C++ JNI function names to use
org_piramalswasthya_cho_utils_KeyUtils
| try { | ||
| System.loadLibrary(NATIVE_JNI_LIB_NAME) | ||
| } catch (e: UnsatisfiedLinkError) { | ||
| throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME") | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Improve native library loading error handling.
The current implementation swallows the original exception details. This could make debugging issues more difficult.
try {
System.loadLibrary(NATIVE_JNI_LIB_NAME)
} catch (e: UnsatisfiedLinkError) {
- throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME")
+ throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME", e)
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| try { | |
| System.loadLibrary(NATIVE_JNI_LIB_NAME) | |
| } catch (e: UnsatisfiedLinkError) { | |
| throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME") | |
| } | |
| try { | |
| System.loadLibrary(NATIVE_JNI_LIB_NAME) | |
| } catch (e: UnsatisfiedLinkError) { | |
| throw RuntimeException("Failed to load native library: $NATIVE_JNI_LIB_NAME", e) | |
| } |
🧰 Tools
🪛 detekt (1.23.7)
[warning] 10-10: The caught exception is swallowed. The original exception could be lost.
(detekt.exceptions.SwallowedException)
| std::string baseTmcUrl = BASE_TMC_URL; | ||
| return env->NewStringUTF(baseTmcUrl.c_str()); |
There was a problem hiding this comment.
Add missing URL constant definitions.
The code references undefined constants (BASE_TMC_URL, etc.). This will cause compilation errors.
Add the missing constant definitions:
#define BASE_TMC_URL "https://tmc.example.com" // Replace with actual URL| Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseTmcUrl(JNIEnv *env, jobject thiz) { | ||
| std::string baseTmcUrl = BASE_TMC_URL; | ||
| return env->NewStringUTF(baseTmcUrl.c_str()); | ||
| } | ||
|
|
||
| extern "C" JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseAmritUrl(JNIEnv *env, jobject thiz) { | ||
| std::string baseAmritUrl = BASE_AMRIT_URL; | ||
| return env->NewStringUTF(baseAmritUrl.c_str()); | ||
| } | ||
|
|
||
| extern "C" | ||
| JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseFlwUrl(JNIEnv *env, jobject thiz) { | ||
| std::string baseFlwUrl = BASE_FLW_URL; | ||
| return env->NewStringUTF(baseFlwUrl.c_str()); | ||
| } | ||
|
|
||
|
|
||
| extern "C" | ||
| JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseAbhaUrl(JNIEnv *env, jobject thiz) { | ||
| std::string baseAbhaUrl = BASE_ABHA_URL; | ||
| return env->NewStringUTF(baseAbhaUrl.c_str()); | ||
| } | ||
|
|
||
| extern "C" | ||
| JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_sanjeevaniApiUrl(JNIEnv *env, jobject thiz) { | ||
| std::string sanjeevaniApiUrl = SANJEEVANI_API_URL; | ||
| return env->NewStringUTF(sanjeevaniApiUrl.c_str()); | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Implement proper error handling in JNI functions.
The current implementation lacks error handling for potential failures and memory management issues.
- Add null checks for JNIEnv
- Handle potential exceptions
- Implement proper memory management
Example implementation:
extern "C" JNIEXPORT jstring JNICALL
Java_org_piramalswasthya_cho_utils_KeyUtils_baseTmcUrl(JNIEnv *env, jobject /* thiz */) {
if (env == nullptr) {
return nullptr;
}
try {
std::string baseTmcUrl = BASE_TMC_URL;
return env->NewStringUTF(baseTmcUrl.c_str());
} catch (const std::exception& e) {
env->ThrowNew(env->FindClass("java/lang/RuntimeException"),
"Failed to get base TMC URL");
return nullptr;
}
}| #include <jni.h> | ||
| #include <string> | ||
| #include <android/log.h> | ||
|
|
||
|
|
||
| // JNI functions | ||
| extern "C" JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseTmcUrl(JNIEnv *env, jobject thiz) { | ||
| std::string baseTmcUrl = BASE_TMC_URL; | ||
| return env->NewStringUTF(baseTmcUrl.c_str()); | ||
| } | ||
|
|
||
| extern "C" JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseAmritUrl(JNIEnv *env, jobject thiz) { | ||
| std::string baseAmritUrl = BASE_AMRIT_URL; | ||
| return env->NewStringUTF(baseAmritUrl.c_str()); | ||
| } | ||
|
|
||
| extern "C" | ||
| JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseFlwUrl(JNIEnv *env, jobject thiz) { | ||
| std::string baseFlwUrl = BASE_FLW_URL; | ||
| return env->NewStringUTF(baseFlwUrl.c_str()); | ||
| } | ||
|
|
||
|
|
||
| extern "C" | ||
| JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_baseAbhaUrl(JNIEnv *env, jobject thiz) { | ||
| std::string baseAbhaUrl = BASE_ABHA_URL; | ||
| return env->NewStringUTF(baseAbhaUrl.c_str()); | ||
| } | ||
|
|
||
| extern "C" | ||
| JNIEXPORT jstring JNICALL | ||
| Java_org_piramalswasthya_sakhi_utils_KeyUtils_sanjeevaniApiUrl(JNIEnv *env, jobject thiz) { | ||
| std::string sanjeevaniApiUrl = SANJEEVANI_API_URL; | ||
| return env->NewStringUTF(sanjeevaniApiUrl.c_str()); | ||
| } | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Implement URL obfuscation for security.
The URLs are currently stored as plain text constants. This makes them easily discoverable through reverse engineering.
Consider implementing:
- String encryption/decryption
- URL composition from parts
- Basic obfuscation techniques
Example:
std::string decrypt_url(const char* encrypted_url) {
// Implement decryption logic
return decrypted_url;
}| # Fetch environment variables | ||
| set(BASE_TMC_URL "$ENV{BASE_TMC_URL}") | ||
| set(BASE_AMRIT_URL "$ENV{BASE_AMRIT_URL}") | ||
| set(BASE_FLW_URL "$ENV{BASE_FLW_URL}") | ||
| set(BASE_ABHA_URL "$ENV{BASE_ABHA_URL}") | ||
| set(SANJEEVANI_API_URL "$ENV{SANJEEVANI_API_URL}") | ||
|
|
||
| # Pass the values to the compiler using add_definitions | ||
| add_definitions( | ||
| -DBASE_TMC_URL=\"${BASE_TMC_URL}\" | ||
| -DBASE_AMRIT_URL=\"${BASE_AMRIT_URL}\" | ||
| -DBASE_FLW_URL=\"${BASE_FLW_URL}\" | ||
| -DBASE_ABHA_URL=\"${BASE_ABHA_URL}\" | ||
| -DSANJEEVANI_API_URL=\"${SANJEEVANI_API_URL}\" | ||
| ) |
There was a problem hiding this comment.
Security concern: Sensitive URLs in preprocessor definitions.
Passing URLs as preprocessor definitions makes them easily extractable from the binary. Consider:
- Encrypting the URLs in the binary
- Using string obfuscation techniques
- Implementing runtime URL resolution
Would you like me to provide an example implementation of encrypted URL storage and runtime resolution?
| # Set app URLs used in the codebase | ||
| export BASE_TMC_URL=${{ secrets.BASE_TMC_URL }} | ||
| export BASE_AMRIT_URL=${{ secrets.BASE_AMRIT_URL }} | ||
| export BASE_FLW_URL=${{ secrets.BASE_FLW_URL }} | ||
| export BASE_ABHA_URL=${{ secrets.BASE_ABHA_URL }} | ||
| export SANJEEVANI_API_URL=${{ secrets.SANJEEVANI_API_URL }} | ||
|
|
||
|
|
||
| # Set app release version signing credentials | ||
| export KEYSTORE_PATH=${{ secrets.KEYSTORE_PATH }} | ||
| export KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }} | ||
| export KEY_ALIAS=${{ secrets.KEY_ALIAS }} | ||
| export KEY_PASSWORD=${{ secrets.KEY_PASSWORD }} | ||
|
|
||
| # Set Firebase App Distribution and Google Play authentication tokens | ||
| export FIREBASE_APP_ID=${{ secrets.FIREBASE_APP_ID }} | ||
| export FIREBASE_CLI_TOKEN=${{ secrets.FIREBASE_CLI_TOKEN }} | ||
| export TESTER_GROUPS=${{ secrets.TESTER_GROUPS }} | ||
| # export GOOGLE_PLAY_JSON_KEY=$(echo ${{ secrets.GOOGLE_PLAY_JSON_KEY }} | base64 --decode) |
There was a problem hiding this comment.
Security concern: Environment variables exposure.
Environment variables set in the workflow might be exposed in build logs. Consider:
- Using GitHub's masked secrets feature
- Minimizing the scope of environment variables
- Using secrets only where absolutely necessary
🧰 Tools
🪛 yamllint (1.35.1)
[error] 90-90: trailing spaces
(trailing-spaces)
| - name: Set up ruby env | ||
| uses: ruby/setup-ruby@v1 | ||
| with: | ||
| ruby-version: 3.3.6 | ||
| bundler-cache: true |
There was a problem hiding this comment.
Fix invalid Ruby version.
Ruby version 3.3.6 doesn't exist. The latest stable version is 3.2.2.
- ruby-version: 3.3.6
+ ruby-version: 3.2.2📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Set up ruby env | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 3.3.6 | |
| bundler-cache: true | |
| - name: Set up ruby env | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: 3.2.2 | |
| bundler-cache: true |
| - name: Install CMake | ||
| uses: jwlawson/actions-setup-cmake@v1 | ||
| with: | ||
| cmake-version: '3.31.1' | ||
|
|
There was a problem hiding this comment.
Fix invalid CMake version.
CMake version 3.31.1 doesn't exist. The latest version is 3.27.x.
- cmake-version: '3.31.1'
+ cmake-version: '3.27.7'📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Install CMake | |
| uses: jwlawson/actions-setup-cmake@v1 | |
| with: | |
| cmake-version: '3.31.1' | |
| - name: Install CMake | |
| uses: jwlawson/actions-setup-cmake@v1 | |
| with: | |
| cmake-version: '3.27.7' | |
| - name: Get version from build.gradle | ||
| id: get-version | ||
| run: | | ||
| VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/") | ||
| echo "version=$VERSION_NAME" >> $GITHUB_ENV | ||
| env: | ||
| GITHUB_ENV: $GITHUB_ENV | ||
|
|
||
| - name: Verify version | ||
| run: | | ||
| if [ -z "$VERSION_NAME" ]; then | ||
| echo "Version name could not be extracted. Exiting." exit 1 | ||
| else | ||
| echo "Version name is $VERSION_NAME" | ||
| fi |
There was a problem hiding this comment.
Fix shell script issues in version extraction.
The version extraction script has several issues:
- Missing quotes around variables
- Incorrect syntax in error message
- VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/")
- echo "version=$VERSION_NAME" >> $GITHUB_ENV
+ VERSION_NAME="$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/")"
+ echo "version=${VERSION_NAME}" >> "${GITHUB_ENV}"- echo "Version name could not be extracted. Exiting." exit 1
+ echo "Version name could not be extracted. Exiting."
+ exit 1📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Get version from build.gradle | |
| id: get-version | |
| run: | | |
| VERSION_NAME=$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/") | |
| echo "version=$VERSION_NAME" >> $GITHUB_ENV | |
| env: | |
| GITHUB_ENV: $GITHUB_ENV | |
| - name: Verify version | |
| run: | | |
| if [ -z "$VERSION_NAME" ]; then | |
| echo "Version name could not be extracted. Exiting." exit 1 | |
| else | |
| echo "Version name is $VERSION_NAME" | |
| fi | |
| - name: Get version from build.gradle | |
| id: get-version | |
| run: | | |
| VERSION_NAME="$(grep 'versionName' app/build.gradle | sed -E "s/.*versionName ['\"]([0-9.]+)['\"].*/\1/")" | |
| echo "version=${VERSION_NAME}" >> "${GITHUB_ENV}" | |
| env: | |
| GITHUB_ENV: $GITHUB_ENV | |
| - name: Verify version | |
| run: | | |
| if [ -z "$VERSION_NAME" ]; then | |
| echo "Version name could not be extracted. Exiting." | |
| exit 1 | |
| else | |
| echo "Version name is $VERSION_NAME" | |
| fi |
🧰 Tools
🪛 actionlint (1.7.4)
66-66: shellcheck reported issue in this script: SC2086:info:2:33: Double quote to prevent globbing and word splitting
(shellcheck)
🪛 yamllint (1.35.1)
[error] 64-64: trailing spaces
(trailing-spaces)
[error] 65-65: trailing spaces
(trailing-spaces)
[error] 66-66: trailing spaces
(trailing-spaces)
[error] 67-67: trailing spaces
(trailing-spaces)
[error] 68-68: trailing spaces
(trailing-spaces)
[error] 69-69: trailing spaces
(trailing-spaces)
[error] 72-72: trailing spaces
(trailing-spaces)
[error] 73-73: trailing spaces
(trailing-spaces)
[error] 74-74: trailing spaces
(trailing-spaces)
[error] 75-75: trailing spaces
(trailing-spaces)
[error] 76-76: trailing spaces
(trailing-spaces)
[error] 77-77: trailing spaces
(trailing-spaces)
📋 Description
JIRA ID:
Please provide a summary of the change and the motivation behind it. Include relevant context and details.
This pull request introduces significant enhancements to our Android project, focusing on security improvements and the implementation of a robust CI/CD pipeline. The key changes include the integration of native C++ code, CMake configuration, and the setup of automated workflows using Fastlane and GitHub Actions.
Changes Made:
Integrated native C++ code into the Android project to securely handle base URLs and secret keys, mitigating risks of reverse engineering.
Configured CMake to build and link the native code with the Android application.
Implemented Fastlane lanes for building the Android app across multiple environments (e.g., staging, production).
Configured Fastlane to automate the distribution of APKs to Firebase App Distribution, streamlining the testing and deployment process.
Set up a comprehensive GitHub Actions workflow to automate the CI/CD process.
Installed required SDKs and tools (Java, Android SDK, NDK, CMake, Ruby) to ensure a consistent build environment.
Generated environment-specific files (e.g., google-services.json) dynamically during the workflow execution.
Utilized GitHub Secrets to securely manage and inject environment variables necessary for the build process.
Built the Android app using Fastlane, leveraging the configured lanes for different environments.
Uploaded the built APKs as artifacts to GitHub, facilitating easy access for testing and further distribution.
Environment
hlw_stag_jobSAKSHAM_STAGSakshamStaghlw_uat_jobSAKSHAM_UATSakshamUathlw_production_jobSAKSHAM_PRODUCTIONSakshamEnvironment Secrets:-
BASE_AMRIT_URL${{ secrets.BASE_AMRIT_URL }}BASE_FLW_URL${{ secrets.BASE_FLW_URL }}BASE_TMC_URL${{ secrets.BASE_TMC_URL }}BASE_ABHA_URL${{ secrets.BASE_ABHA_URL }}SANJEEVANI_API_URL${{ secrets.SANJEEVANI_API_URL }}FIREBASE_APP_ID${{ secrets.FIREBASE_APP_ID }}FIREBASE_CLI_TOKEN${{ secrets.FIREBASE_CLI_TOKEN }}TESTER_GROUPS${{ secrets.TESTER_GROUPS }}KEYSTORE_PATH${{ secrets.KEYSTORE_PATH }}KEYSTORE_PASSWORD${{ secrets.KEYSTORE_PASSWORD }}KEY_ALIAS${{ secrets.KEY_ALIAS }}KEY_PASSWORD${{ secrets.KEY_PASSWORD }}GOOGLE_SERVICES_JSON_GENERIC${{ secrets.GOOGLE_SERVICES_JSON_GENERIC }}GOOGLE_PLAY_JSON_KEY${{ secrets.GOOGLE_PLAY_JSON_KEY }}✅ Type of Change
ℹ️ Additional Information
The changes were tested by running the defined Fastlane lanes to ensure proper functionality. This involved assembling the builds and verifying their distribution via Firebase App Distribution. No functional changes to the application were made, only configuration adjustments.
Summary by CodeRabbit
Release Notes
New Features
Infrastructure
Development Tools